From owner-freebsd-isp@FreeBSD.ORG Fri Nov 23 22:17:29 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF43216A41A for ; Fri, 23 Nov 2007 22:17:29 +0000 (UTC) (envelope-from max@neuropunks.org) Received: from finn.neuropunks.org (finn.neuropunks.org [69.31.43.10]) by mx1.freebsd.org (Postfix) with ESMTP id 95A0213C45D for ; Fri, 23 Nov 2007 22:17:29 +0000 (UTC) (envelope-from max@neuropunks.org) Received: from localhost (unknown [127.0.0.1]) by finn.neuropunks.org (Postfix) with ESMTP id F3A1728495 for ; Fri, 23 Nov 2007 16:48:14 -0500 (EST) X-Virus-Scanned: amavisd-new at neuropunks.org Received: from finn.neuropunks.org ([127.0.0.1]) by localhost (finn.neuropunks.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f1bmhlZEP+N1 for ; Fri, 23 Nov 2007 16:48:12 -0500 (EST) Received: from [10.0.1.102] (johnnyfive [207.38.192.19]) by finn.neuropunks.org (Postfix) with ESMTP id A949A28489 for ; Fri, 23 Nov 2007 16:48:12 -0500 (EST) Message-ID: <47474A9B.7050902@neuropunks.org> Date: Fri, 23 Nov 2007 16:48:11 -0500 From: Max Gribov User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com> In-Reply-To: <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: Spam Filter Efficiency X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2007 22:17:29 -0000 Jo Rhett wrote: > On Nov 21, 2007, at 9:58 PM, Mitchell Smith wrote: >> We are also looking at other open source solutions such as amavis This may cause a flamewar, but we found greylisting to work pretty well to generally reduce amount of spam being processed. We use policyd/mysql with postfix, and there are qmail and sendmail implementations, and others without using a db. Id say after setting up greylisting, spam really did go down by 60% or so. Everything else gets caught by amavis/spamassin/clamav To complete flamewar bait : ), there is also SPF/DomainKeys which do reduce some types of spam, sometimes, before it hits your filters http://www.openspf.org/ http://domainkeys.sourceforge.net/ Also, within spamassassin itself, you can specify various block lists to check, and assign them preference which will influence the ultimate spam decision. ex: cat /usr/local/etc/mail/spamassassin/local.cf # Five Ten block list header __RCVD_IN_FIVETENSRC eval:check_rbl('blackholes', 'blackholes.five-ten-sg.com.') describe __RCVD_IN_FIVETENSRC Received via a relay in Five Ten block list tflags __RCVD_IN_FIVETENSRC net header RCVD_IN_FIVETENSRC eval:check_rbl_sub('blackholes', '127.0.0.2') describe RCVD_IN_FIVETENSRC Received via a relay in Five Ten block list tflags RCVD_IN_FIVETENSRC net #### score RCVD_IN_FIVETENSRC 0.5 if you google for spam block lists, you can find others which publish their blocklist as a dns zone. Another thing you can do is use pf tarpits with spamd on free/openbsd: http://www.benzedrine.cx/relaydb.html This method will also allow you to build your own blacklist over time. > > Amavisd can be very high performance if you run it and clamav/whatever > virus checker using temporary storage on a ramdisk. We're quite happy > with it. > > If you need more per-user/stream options then check out CanIt. If you > run it on your own hardware the pricing model is pretty easy on the > wallet. >